| 제목 | code-projects Online Application System For Admission In PHP 1.0 Information Disclosure |
|---|
| 설명 | The Online Application System for Admission in PHP v1.0 is affected by a Sensitive Information Disclosure vulnerability due to an exposed SQL database backup file.
The application stores a database dump file (oas.sql) inside a publicly accessible directory within the web root. Because the web server does not restrict access to .sql files, any remote user can directly access and download the database dump without authentication.
The exposed file can be accessed via:
http://localhost/OnlineApplicationSystem_PHP/enrollment/database/oas.sql
Since the SQL file contains the complete database structure and stored application data, an attacker can retrieve sensitive information including user records, credentials, application data, and database schema.
This vulnerability arises from improper server configuration and insecure storage of backup files inside web-accessible directories. |
|---|
| 원천 | ⚠️ https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Sensitive%20Information%20Disclosure%20in%20Online%20Application%20System%20for%20Admission%20PHP%20Exposed%20Database%20Backup.md |
|---|
| 사용자 | AhmadMarzouk (UID 95993) |
|---|
| 제출 | 2026. 03. 23. PM 06:08 (25 날 ago) |
|---|
| 모더레이션 | 2026. 04. 05. PM 10:46 (13 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 355438 [code-projects Online Application System for Admission 1.0 oas.sql 정보 공개] |
|---|
| 포인트들 | 20 |
|---|